This commit also enables acls in tests/init.sh which is common for all the tests. Maybe there is a way to only enable it for acls tests.

Co-Authored-By: Alexander Bantyev <[email protected]>

The User (resp Group) constructor will check the return value of getpwnam (resp getgrnam) and fail with an error message in case of error.

…rAccess

- comment out failing tests
- split the test script in multiple strings
- add a test that should fail if a permission is missing from a direct runtime dependency

These require enabling `acls` for all the tests (even non acls ones). Which fails at the moment (but should not).

Before this, the getAccessStatus/setAccessStatus functions were testing the presence of the path to decide whether to access the current or future permissions. This can be incorrect if the path is already present at the start of the build. So we now decide at call site which set of permission to use.

If a path was already present at the beginning of the build, it does not need to be added to the store so its permissions may not be updated.
We add a check to compate future and current permissions and repair the paths if needed to synchronize the permission.

If a path already exists, set permissions right away instead of writing them to the future permissions map and synchronize latter.

If a folder was already imported to the store and we do not have permission to this store path, we may be able to edit the permissions if we have read access to all the files of this folder.

…nt_future

This way we only call ensureAccess in cases where the permissions are updated. In particular, we do not want to call ensureAccess if you depend on an already built derivation you could not build yourself, but want to use its public outputs.